Confidentiality & Data Protection Policy

(EYFS & GDPR Updated – September 2025)

Policy Statement: At Just Little Ones Childminding, we prioritise confidentiality, privacy, and data protection. This policy complies with the revised Early Years Foundation Stage (EYFS, September 2025) and current General Data Protection Regulation (GDPR) guidelines, clearly outlining procedures for safeguarding personal data.

Confidentiality:

  • All personal information provided by parents and children is treated with strict confidentiality, upholding individuals’ right to privacy.
  • Staff members fully understand their confidentiality obligations, including potential consequences for breaches.
  • Confidential information encompasses personal data, medical records, developmental observations, and other sensitive details.

Storage and Access to Information:

  • Physical personal records are securely stored in locked cabinets accessible only by authorised staff.
  • Electronic data is protected with robust passwords and industry-standard cybersecurity measures to prevent unauthorised access or breaches.
  • Only authorised staff members have access to personal information necessary for their role.

Sharing of Information:

  • Personal data is shared solely on a “need-to-know” basis, always with explicit consent from parents/legal guardians.
  • Data sharing with external professionals (e.g., healthcare or educational specialists) occurs only when necessary, appropriate, and with explicit parental consent.
  • Written consent is obtained from parents for any photographic, video, or other media usage, clearly detailing purpose and duration of use.

Data Protection:

  • Data processing adheres strictly to GDPR guidelines, ensuring data accuracy, relevance, and timely updates to meet childcare and legal requirements.
  • Parents are transparently informed of data collection purposes, lawful processing bases, and their rights under GDPR, including rights to access, correct, or request deletion of data.

Data Breach:

  • Suspected or actual data breaches will trigger immediate internal investigation and prompt mitigation actions.
  • Affected individuals and relevant data protection authorities are notified immediately as mandated by GDPR.

Retention and Disposal of Data:

  • Data retention aligns with GDPR principles, maintaining information only for as long as necessary for childcare provision and statutory requirements.
  • Secure disposal methods (shredding physical documents or permanent deletion of electronic files) are rigorously employed when data is no longer required.

Staff Training and Awareness:

  • Staff receive regular GDPR and confidentiality training, clearly understanding responsibilities and required practices.
  • All staff sign confidentiality agreements, formally committing to uphold privacy and data security standards.

Review and Monitoring:

  • The policy undergoes annual reviews, or more frequently if required, to maintain alignment with EYFS and GDPR updates.
  • Stakeholder feedback regularly informs policy improvements and adaptations.

Alignment with EYFS 2025 and GDPR:

  • This policy fully integrates EYFS 2025 revisions, emphasizing safeguarding personal data, transparency in data handling, rigorous confidentiality standards, and comprehensive GDPR compliance.

Signed: Jemma & Dale Ferriday
Date: August 2025
Review Date: April 2027